feat(agent-memory): add access_strategy and tenant params for multitenancy#222
Draft
cassiofariasmachado wants to merge 2 commits into
Draft
feat(agent-memory): add access_strategy and tenant params for multitenancy#222cassiofariasmachado wants to merge 2 commits into
cassiofariasmachado wants to merge 2 commits into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds multitenancy support to the
agent_memorymodule by introducing anAccessStrategyenum andtenantparameter on every public client method. All reads and writes can now be scoped to either the provider tenant or a subscriber tenant, with the subscriber token URL derived automatically from the service binding'sidentityzone.This closes AFSDK-4011.
Supported strategies (explicit only, no silent fallback):
SUBSCRIBER_ONLY(default) — fetches a subscriber-scoped OAuth2 token using the providedtenantsubdomain. RaisesAgentMemoryValidationErroriftenantis omitted.PROVIDER_ONLY— uses the provider token; notenantrequired.Breaking change: existing calls that omit
tenantwill raiseAgentMemoryValidationErrorbecause the default strategy isSUBSCRIBER_ONLY. Migration: passtenant="<subdomain>"oraccess_strategy=AccessStrategy.PROVIDER_ONLY.Related Issue
Closes #
Type of Change
How to Test
pytest tests/agent_memory/unit/— all 232 tests should passpytest tests/agent_memory/integration/— 14 provider scenarios pass, 12 subscriber scenarios skipCLOUD_SDK_CFG_HANA_AGENT_MEMORY_DEFAULT_SUBSCRIBER_TENANT=<subdomain> pytest tests/agent_memory/integration/— all 26 scenarios passChecklist
Breaking Changes
What breaks: Any call to an
AgentMemoryClientmethod withouttenantnow raisesAgentMemoryValidationError(default strategy isSUBSCRIBER_ONLY).Migration path:
Additional Notes
HttpTransport._oauth_cache.identityzonefield is now parsed from the UAA JSON binding and stored inAgentMemoryConfig. It is used to derive the subscriber token URL via string replacement, following the same pattern as thedestinationmodule.Given I use the configured subscriber tenantstep to flip the strategy, so all scenario step implementations are shared between provider and subscriber test suites (no duplication)._FIRSTfallback strategies (SUBSCRIBER_FIRST,PROVIDER_FIRST) are explicitly deferred pending safety evaluation of silent cross-tenant fallback behaviour.